Ask Your Question

heat stack create error - misconfig auth issue?

asked 2016-10-18 17:11:58 -0600

aegiacometti gravatar image

updated 2016-10-19 15:12:18 -0600

rbowen gravatar image

Hi, i am following heat install guide (mitaka / newton). When i try to create the first stack i get the following error

root@controller:~# . demo-openrc
root@controller:~# export NET_ID=$(openstack network list | awk '/ VM#1-VLAN502 / { print $2 }')
root@controller:~# echo $NET_ID
root@controller:~# openstack stack create -t demo-template.yml --parameter "NetID=$NET_ID" stack
ERROR: Remote error: BadRequest Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-78bd14a5-01c1-4da8-bdeb-635a2496c86c)

Nova, Glance and Neutron are working just fine. Running on Ubuntu 14.04.3 It seems to be an authentication issue?

This is mi demo-openrc file

root@controller:~# more demo-openrc

export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=xxxd3m0
export OS_AUTH_URL=http://controller:5000/v3

And this is mi heat.conf

root@controller:~# more /etc/heat/heat.conf | grep -v '#'


heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = xxxh34td0m
stack_user_domain_name = heat
rpc_backend = rabbit



connection = mysql+pymysql://heat:xxxh34t@controller/heat

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = xxxh34t




rabbit_host = controller
rabbit_userid = openstack
rabbit_password = xxxr4bb1t




auth_type = password
auth_url = http://controller:35357
username = heat
password = xxxh34t
user_domain_name = default

auth_uri = http://controller:35357

auth_uri = http://controller:5000

any help would be appreciated, thanks

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-10-19 19:42:24 -0600

aegiacometti gravatar image

After digging in DEBUG of keystone and heat, i have found this log at heat-engine.log

WARNING heat.common.context [xxx] Using the keystone_authtoken user as the heat trustee user directly is deprecated. Please add the trustee credentials you need to the trustee section of your heat.conf file.

Using this line i start digging into the web and i found this bug #1300246 at, wich seems related to authentication issues.

I'm not an expert... but... by comparing what is told there and the config guide says, i found this tiny difference

[trustee] auth_plugin = password

versus what is written in the guide

[trustee] auth_type = password

After changing from auth_type to auth_plugin, the "openstack create ..." starts working as expected.

I don't know for sure if this has another implications, but for now, i'am ok... and i can continue learning openstack heat module

I just wanted to share this, hope it helps someone


edit flag offensive delete link more


auth_plugin was the old name for the option, which is now deprecated and has been replaced by auth_type. It may be that you have an old version of the keystoneauth1 library that doesn't yet include the name change.

zaneb gravatar imagezaneb ( 2016-11-15 09:02:24 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-10-18 17:07:46 -0600

Seen: 1,045 times

Last updated: Oct 19 '16